← Trust Center Policy 03

Data Retention Policy

Version 1.0 · Effective 2026-07-16

1. Purpose

This policy describes how long Genesis Revolution Group Inc retains information, when we delete it, and how anyone whose data we hold can request deletion. It complements our Privacy Policy and our Information Security Policy.

2. Guiding principles

3. Retention windows by data type

Data Active retention Backup expiry
Contact and account records of active clients Duration of the client relationship 90 days after deletion
Contact records of former clients Up to 24 months after last engagement 90 days after deletion
Financial transaction data received from Plaid or similar Duration of the client relationship 90 days after deletion
Payment and invoicing records 7 years (tax and financial reporting requirements) Aligned with legal retention
Meeting recordings and transcripts Up to 24 months, or until the client requests deletion 90 days after deletion
Prospect and lead information (not yet a client) Up to 12 months after last contact 90 days after deletion
Support communications Up to 24 months after resolution 90 days after deletion
Security and audit logs Up to 12 months 90 days after deletion

4. Deletion on request

Anyone whose personal information we hold can request deletion at any time by writing to contact@genesisrevolutiongroup.com. Requests are honored within 30 days unless a legal obligation requires us to retain specific records for longer, in which case we will explain the exception and the shortest period we can commit to.

5. Bank connections via Plaid

When a client disconnects a bank account or terminates our services, we revoke the associated Plaid Item, stop receiving new data for that connection, and remove the cached transaction data from active systems on the schedule described above. Existing financial records that are legally required for tax or audit purposes are retained in encrypted form for the applicable legal period.

6. Backups

Genesis maintains encrypted backups of production data for disaster recovery. Records that have been deleted from active systems expire from backups within 90 days. Backups are protected with the same access controls as production data.

7. Review

This policy is reviewed at least annually. Substantive changes are reflected by a new version number and effective date at the top of the page.